bugfix snake yaml decode rce (#1239)
tomsun28 authored Sep 13, 2023
1 parent 45bc5de commit 8d36289
Showing 2 changed files with 17 additions and 1 deletion.
@@ -48,6 +48,8 @@
@RequestMapping(path = "/api/apps", produces = {APPLICATION_JSON_VALUE})
public class AppController {

private static final String[] RISKY_STR_ARR = {"ScriptEngineManager", "URLClassLoader"};

@Autowired
private AppService appService;

@@ -91,6 +93,13 @@ public ResponseEntity<Message<Void>> deleteAppDefineYml(
@Operation(summary = "Add new monitoring type define yml", description = "新增监控类型的定义YML")
public ResponseEntity<Message<Void>> newAppDefineYml(@Valid @RequestBody MonitorDefineDto defineDto) {
try {
for (String riskyToken : RISKY_STR_ARR) {
if (defineDto.getDefine().contains(riskyToken)) {
return ResponseEntity.ok(Message.<Void>builder()
.code(CommonConstants.FAIL_CODE)
.msg("can not has malicious remote script").build());
}
}
appService.applyMonitorDefineYml(defineDto.getDefine(), false);
} catch (Exception e) {
return ResponseEntity.ok(Message.fail(FAIL_CODE, e.getMessage()));
@@ -102,6 +111,13 @@ public ResponseEntity<Message<Void>> newAppDefineYml(@Valid @RequestBody Monitor
@Operation(summary = "Update monitoring type define yml", description = "更新监控类型的定义YML")
public ResponseEntity<Message<Void>> updateAppDefineYml(@Valid @RequestBody MonitorDefineDto defineDto) {
try {
for (String riskyToken : RISKY_STR_ARR) {
if (defineDto.getDefine().contains(riskyToken)) {
return ResponseEntity.ok(Message.<Void>builder()
.code(CommonConstants.FAIL_CODE)
.msg("can not has malicious remote script").build());
}
}
appService.applyMonitorDefineYml(defineDto.getDefine(), true);
} catch (Exception e) {
return ResponseEntity.ok(Message.fail(FAIL_CODE, e.getMessage()));
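Review bot: The `defineDto.getDefine().contains(riskyToken)` loop added at the top of both try blocks is a substring denylist over the raw YAML text and does not close the deserialization hole: a `!!` global tag naming any constructible class other than the two entries in `RISKY_STR_ARR` still reaches `appService.applyMonitorDefineYml` unchanged. The robust fix belongs where the YAML is parsed, not in the controller — build the loader so global tags cannot instantiate arbitrary classes, e.g. `new Yaml(new SafeConstructor(new LoaderOptions()))` — because, as far as I know, the snakeyaml 1.33 bump in this same commit keeps the permissive default `Constructor` and so does not provide that on its own. Keeping the token filter as defence in depth is fine, but the identical loop is pasted into `newAppDefineYml` and `updateAppDefineYml`; extract it into a private `boolean containsRiskyToken(String define)` helper and fix the message to `"define yml must not contain remote script loaders"`. Both `newAppDefineYml` and `updateAppDefineYml` continue past the end of their hunks.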
2 changes: 1 addition & 1 deletion pom.xml
@@ -52,7 +52,7 @@
<lombok.version>1.18.20</lombok.version>
<slf4j.version>1.7.36</slf4j.version>
<xml.bind.version>2.3.0</xml.bind.version>
<snake.yaml.version>1.32</snake.yaml.version>
<snake.yaml.version>1.33</snake.yaml.version>
<kafka-clients.version>3.4.0</kafka-clients.version>

<mysql.version>8.0.30</mysql.version>
